Introduction of the container

What is a Linux container

A Linux container is a series of processes isolated from the rest of the system, running from another image that provides all the files needed to support the process.

The image provided by the container contains all the dependencies of the application, making it portable and consistent throughout development, testing, and production.

To be more specific, assume that you are developing an application. You are using a laptop, and your development environment has a specific configuration. Other developers may have a slightly different environment configuration. The application you are developing depends on your current configuration, as well as on certain files.

At the same time, your enterprise has a standardized test and production environment with its own configuration and set of supporting documents.

You want to emulate as many of these environments locally as possible without the overhead of recreating the server environment.

So how do you ensure that your application will run and pass quality checks in these environments without causing headaches, code rewrites and bug fixes during deployment? The answer is to use containers.

Containers ensure that your applications have the necessary configuration and documentation to run smoothly, without any adverse issues, from development through testing to production. This avoids a crisis and everyone is happy.

While this is a simplified example, there are a number of ways that Linux containers can be leveraged in situations where high portability, configurability, and isolation are required.

Whether the infrastructure is in the enterprise, in the cloud, or a mixture of both, containers can meet your needs.

Isn’t a container virtualization

Yes, but not surprisingly. Let’s think about it in a simple way:

Virtualization allows many operating systems to run simultaneously on a single system.

Containers can share the same operating system kernel, isolating application processes from the rest of the system.

Figure – Common virtualization vs. Docker

What does that mean? First, having multiple operating systems running on a single hypervisor for virtualization does not achieve the same lightweight effect as using containers.

In fact, when you have limited resources with limited capacity, you need lightweight applications that can be deployed intensively.

Linux containers can run from a single operating system, sharing the operating system among all containers, so applications and services can remain lightweight and run quickly in parallel.

A brief history of container development

The concept of what we now call container technology was first introduced in 2000 as FreeBSD jails, which partition a FreeBSD system into multiple subsystems (also known as jails).

Jails were developed as secure environments that system administrators can share with multiple users, both inside and outside the enterprise.

Jails are intended to allow processes to be created in a modified Chroot environment without being isolated and impacting the entire system — where access to file systems, networks, and users is virtualized.

Despite the limitations of jails in terms of implementation, eventually people find a way out of this isolated environment.

But the concept is very attractive.

The implementation of isolated environments entered the Linux space in 2001 through Jacques Gelinas’ VServer project.

As Gelinas puts it, the goal of this work is to “run multiple general-purpose Linux servers [sic] ina single environment that is highly independent and secure.”

With this groundwork done for multiple controlled user Spaces in Linux, the Linux container began to take shape and eventually evolve into what it is today.

What is a Docker?

The term “Docker” refers to a variety of things, including open source community projects, the tools used by open source projects, and the company leading such projects, Docker Inc. And the company’s officially supported tools. It can be a bit confusing to use the same name for a technology product and a company.

Here’s a quick explanation:

The “Docker” in 馃帊 IT software refers to containerization technology used to support the creation and use of Linux containers.

The 馃帊 open source Docker community is dedicated to improving such technologies and making them freely available to all users to benefit from.

馃帊 Docker Inc., which started out as a Docker community product, is responsible for improving the security of the community version and sharing the improved version with the wider technical community. In addition, it specializes in perfecting and safely curing these technology products to serve corporate customers.

With Docker, you can use containers as lightweight, modular virtual machines. You also gain a high degree of flexibility to efficiently create, deploy, and copy containers and migrate them from one environment to another.

How does Docker work?

Docker technology uses the Linux kernel and kernel features such as Cgroups and Namespaces to separate processes so that they run independently of each other.

This independence is the purpose of the container; It can run multiple processes and applications independently, making the most of the infrastructure while maintaining the security of individual systems.

Container tools (including Docker) provide image-based deployment patterns. This enables it to easily share groups of applications or services with its dependencies across multiple environments. Docker can also automatically deploy applications in this container environment (or combine multiple processes to build a single application).

In addition, because these tools are built on Linux containers, Docker is both easy to use and unique — it provides users with unprecedented levels of application access, rapid deployment, and version control and distribution capabilities.

Is Docker technology the same as traditional Linux containers?

No. Docker technology was originally built on LXC technology (which most people associate with “traditional” Linux containers), but it has since moved away from this reliance.

LXC is useful as a lightweight virtualization feature, but it doesn’t provide a great developer or user experience. In addition to running containers, Docker technology has a number of other features, including simplifying the processes used to build containers, transfer images, and control versions of images.

Traditional Linux containers use the init system to manage multiple processes. This means that all applications run as a whole. In contrast, Docker technology encourages applications to run their processes independently and provides tools to do so. This refined operation has its advantages.

The goal of the docker

The main goal of Docker is to “Build,Ship and Run any App,Angwhere”, Build,Ship, Run everywhere

  • ** Build: ** Make a Docker image
  • ** Shipping: ** Docker pull
  • ** Run: ** starts a container

For each container, it has its own filesystem rootfs.

Install the Docker

The environment that

[root@docker01 ~]# cat /etc/redhat-release CentOS Linux release 7.2.1511 (Core) [root@docker01 ~]# uname -r 3.10.0-327.el7.x86_64 [root@docker01 ~]# hostname -I 10.0.0.100 172.16.1.100 [root@docker02 ~]# hostname -I 10.0.0.101 172.16.1.101Copy the code

Operate on both nodes

wget -O /etc/yum.repos.d/docker-ce.repo https://mirrors.ustc.edu.cn/docker-ce/linux/centos/docker-ce.repo
sed -i 's#download.docker.com#mirrors.ustc.edu.cn/docker-ce#g' /etc/yum.repos.d/docker-ce.repo
yum install docker-ce -y
Copy the code

Modify configuration in Docker01:

# change the startup file. To monitor remote port vim/usr/lib/systemd/system/docker. Service ExecStart = / usr/bin/dockerd -h Unix: / / / var/run/docker. The sock - H TCP :// 10.0.0.100/2375 systemctl daemon-reload systemctl enable docker.service systemctl restart docker.service # ps -ef Indicates whether the check is startedCopy the code

In docker02 test

[root@docker02 ~]# docker-h 10.0.0.100 info Containers: 0 Running: 0 Paused: 0 Stopped: 0 Images: 0 Server Version: 17.12.0- CE Storage Driver: Devicemapper 路路Copy the code

Docker basic command operations

View docker information

[root@docker01 ~]# docker version Client: version: 17.12.0 -CE API version: 1.35 Go version: go1.9.2 Git commit: C97c6d6 Built: Wed Dec 27 20:10:14 2017 OS/Arch: Linux/AMD64 Server: Engine: Version: 17.12.0- CE API Version: 1.35 (minimum version 1.12) Go version: go1.9.2 Git commit: c97c6d6 Built: Wed Dec 27 20:12:46 2017 OS/Arch: linux/amd64 Experimental: falseCopy the code

Configure Docker image acceleration

vi /etc/docker/daemon.json
{
  "registry-mirrors": ["https://registry.docker-cn.com"]
}  
Copy the code

Start the first container

[root@docker01 ~]# docker run -d -p 80:80 nginx Unable to find image 'nginx:latest' locally latest: Pulling from library/nginx e7bb522d92ff: Pull complete 6edc05228666: Pull complete cd866a17e81f: Pull complete Digest: sha256:285b49d42c703fdf257d1e2422765c4ba9d3e37768d6ea83d7fe2043dad6e63d Status: Downloaded newer image for nginx: latest 8 d8f81da12b5c10af6ba1a5d07f4abc041cb95b01f3d632c3d638922800b0b4d # container starts, Perform access tests in the browserCopy the code

Parameters that

Docker image life cycle

Docker image related operations

Search for official warehouse images

[root@docker01 ~]#  docker search centos
NAME                      DESCRIPTION                    STARS    OFFICIAL               AUTOMATED
centos                    The official build of CentOS.  3992     [OK]      
ansible/centos7-ansible   Ansible on Centos7             105                              [OK]
Copy the code

A list of instructions

Access to the mirror

Pull a mirror by its name

[root@docker01 ~]# docker pull centos Using default tag: latest latest: Pulling from library/centos af4b0a2388c6: Downloading 34.65 MB / 73.67 MBCopy the code

View the host mirror list

[root@docker01 ~]# docker image list 
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
centos              latest              ff426288ea90        3 weeks ago         207MB
nginx               latest              3f8a4339aadd        5 weeks ago         108MB
Copy the code

Pull a third-party mirror

docker pull index.tenxcloud.com/tenxcloud/httpd
Copy the code

Export the mirror

[root@docker01 ~]# docker image list REPOSITORY TAG IMAGE ID CREATED SIZE centos latest ff426288ea90 3 weeks ago 207MB Nginx latest 3f8a4339aadd 5 weeks ago 108MB # export [root@docker01 ~]# docker image save centos > docker-centos.tar.gzCopy the code

Remove the mirror

[root@docker01 ~]# docker image rm centos:latest
[root@docker01 ~]# docker image list 
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
nginx               latest              3f8a4339aadd        5 weeks ago         108MB
Copy the code

Import mirror

[root@docker01 ~]# docker image load -i docker-tocentos.tar. gz e15afa4858b6: Loading layer Loaded image centos:latest [root@docker01 ~]# docker image list REPOSITORY TAG IMAGE ID CREATED SIZE centos latest ff426288ea90 3 weeks ago 207MB nginx latest 3f8a4339aadd 5 weeks ago 108MBCopy the code

View details about a mirror

[root@docker01 ~]# docker image inspect centos
Copy the code

Daily management of containers

Start/stop of containers

The simplest way to run a container

[root@docker01 ~]# docker run nginx
Copy the code

Create a container in two steps (not often used)

[root@docker01 ~]# docker create centos:latest  /bin/bash
bb7f32368ecf0492adb59e20032ab2e6cf6a563a0e6751e58930ee5f7aaef204
[root@docker01 ~]# docker start stupefied_nobel
stupefied_nobel
Copy the code

Quick start container method

[root@docker01 ~]# docker run  centos:latest  /usr/bin/sleep 20;
Copy the code

The first process in the container must always be running, or the container will exit!

View the running container

[root@docker01 ~]# docker container ls or [root@docker01 ~]# docker ps Container ID IMAGE COMMAND CREATED STATUS PORTS NAMES 8708e93fd767 nginx "nginx -g 'daemon of..." 6 seconds ago Up 4 seconds 80/tcp keen_lewinCopy the code

View your container details/IP

[root@docker01 ~]# docker container inspect Container name/IDCopy the code

View all your containers (including ones that are not running)

[root@docker01 ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 8708e93fd767 nginx "nginx -g 'the daemon of..." 4 minutes ago Exited (0) 59 seconds ago keen_lewin f9f3e6af7508 nginx "nginx -g 'daemon of..." 5 minutes ago Exited (0) 5 minutes ago optimistic_haibt 8d8f81da12b5 nginx "nginx -g 'daemon of..." 3 hours ago Exited (0) 3 hours ago lucid_bohrCopy the code

Stop the container

[root@docker01 ~]# docker stop Container name /id or [root@docker01 ~]# docker container kill Container name/IDCopy the code

Entry container method

Boot in method

[root@docker01 ~]# docker run -it -it interactive terminal [root@docker01 ~]# docker run -it nginx:latest /bin/bash root@79241093859e:/#Copy the code

Exit/leave the container

ctrl+p聽&聽ctrl+q
Copy the code

A method to enter a container after startup

Start a Docker

[root@docker01 ~]# docker run -it centos:latest [root@1bf0f43c4d2f /]# ps -ef UID PID PPID C STIME TTY TIME CMD root 1 0  0 15:47 pts/0 00:00:00 /bin/bash root 13 1 0 15:47 pts/0 00:00:00 ps -efCopy the code

Attaching to the container, using PTS /0, will allow users to see the same operation as putting in through this method.

[root@docker01 ~]# docker attach 1bf0f43c4d2f [root@1bf0f43c4d2f /]# ps -ef UID PID PPID C STIME TTY TIME CMD root 1 0 0  15:47 pts/0 00:00:00 /bin/bash root 14 1 0 15:49 pts/0 00:00:00 ps -efCopy the code

Start a self-named container –name

[root@docker01 ~]# docker attach 1bf0f43c4d2f [root@1bf0f43c4d2f /]# ps -ef UID PID PPID C STIME TTY TIME CMD root 1 0 0  15:47 pts/0 00:00:00 /bin/bash root 14 1 0 15:49 pts/0 00:00:00 ps -efCopy the code

Exec into container methods (recommended)

[root@docker01 ~]# docker exec -it clsn1 /bin/bash [root@b20fa75b4b40 /]# reassign a terminal [root@b20fa75b4b40 /]# ps -ef UID PID  PPID C STIME TTY TIME CMD root 1 0 0 16:11 pts/0 00:00:00 /bin/bash root 13 0 0 16:14 pts/1 00:00:00 /bin/bash root 26 13 0 16:14 pts/1 00:00:00 ps -efCopy the code

Delete all containers

[root@docker01 ~]# docker rm -f 'docker ps -a -q' # -f Forcibly deletedCopy the code

Port mapping at startup

-p Indicates the port mapping

[root@docker01 ~]# docker run -d -p 8888:80  nginx:latest 
287bec5c60263166c03e1fc5b0b8262fe76507be3dfae4ce5cd2ee2d1e8a89a9
Copy the code

Different specified mapping methods

Random map

Docker run -p (large P) # requires mirroring supportCopy the code

Docker volume management

Create a volume during mounting

Mount the volume

[root@docker01 ~]# docker run -d -p 80:80 -v /data:/usr/share/nginx/html nginx:latest
079786c1e297b5c5031e7a841160c74e91d4ad06516505043c60dbb78a259d09
Copy the code

The site directory in the container is /usr/share/nginx/html

Write data to the host and view

[root@docker01 ~]# echo "http://www.nmtui.com" >/data/index.html
[root@docker01 ~]# curl 10.0.0.100
http://www.nmtui.com
Copy the code

Set up a shared volume to start a new container with the same volume

[root@docker01 ~]# docker run -d -p 8080:80 -v /data:/usr/share/nginx/html nginx:latest 351 f0bd78d273604bd0971b186979aa0f3cbf45247274493d2490527babb4e42 [root @ docker01 ~] # curl 10.0.0.100:8080 http://www.nmtui.comCopy the code

Viewing a Volume List

[root@docker01 ~]# docker volume ls
DRIVER              VOLUME NAME
Copy the code

Create a volume and attach it to it

Creating a volume

[root@docker01 ~]# docker volume create 
f3b95f7bd17da220e63d4e70850b8d7fb3e20f8ad02043423a39fdd072b83521
[root@docker01 ~]# docker volume ls 
DRIVER              VOLUME NAME
local               f3b95f7bd17da220e63d4e70850b8d7fb3e20f8ad02043423a39fdd072b83521
Copy the code

Specify the volume name

[root@docker01 ~]# docker volume ls 
DRIVER              VOLUME NAME
local               clsn
local               f3b95f7bd17da220e63d4e70850b8d7fb3e20f8ad02043423a39fdd072b83521
Copy the code

Viewing the Volume Path

[root@docker01 ~]# docker volume inspect clsn 
[
    {
        "CreatedAt": "2018-02-01T00:39:25+08:00",
        "Driver": "local",
        "Labels": {},
        "Mountpoint": "/var/lib/docker/volumes/clsn/_data",
        "Name": "clsn",
        "Options": {},
        "Scope": "local"
    }
]
Copy the code

Using a Volume

[root@docker01 ~]# docker run -d -p 9000:80 -v clsn:/usr/share/nginx/html nginx:latest # 1434559 cff996162da7ce71820ed8f5937fb7c02113bbc84e965845c219d3503 host machine test/root @ docker01 ~ # echo 'blog.nmtui.com' > / var/lib/docker/volumes/CLSN _data while forming/index. The HTML/root @ docker01 ~ # curl 10.0.0.100:9000 blog.nmtui.comCopy the code

Set the volume

[root@docker01 ~]# docker run  -d  -P  --volumes-from 079786c1e297 nginx:latest 
b54b9c9930b417ab3257c6e4a8280b54fae57043c0b76b9dc60b4788e92369fb
Copy the code

View the ports used

[root@docker01 ~]# netstat -lntup Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name TCP 00 0.0.0.0:22 0.0.0.0:* LISTEN 1400/ SSHD TCP 00 10.0.0.100:2375 0.0.0.0:* LISTEN 26218/dockerd tcp6 0 0 :::9000 :::* LISTEN 32015/docker-proxy tcp6 0 0 :::8080 :::* LISTEN 31853/docker-proxy tcp6 0 0 :::80 :::* LISTEN 31752/docker-proxy tcp6 0 0 :::22 :::* LISTEN 1400/sshd tcp6 0 0 :::32769 :::* LISTEN [root@docker01 ~]# curl 10.0.0.100:32769 http://www.nmtui.comCopy the code

Manually save the container as an image

This is based on the official docker centos 6.8 image created

Official mirror list:

hub.docker.com/explore/

Start a centos6.8 image

[root@docker01 ~]# docker pull centos:6.8 [root@docker01 ~]# docker run -it -p 1022:22 centos:6.8 /bin/bash # Install the SSHD service in the container. And modify the system password/root @ 582051 b2b92b ~ # yum install openssh server - y/root @ 582051 b2b92b ~ # echo "root: 123456 | chpasswd [root@582051b2b92b ~]# /etc/init.d/sshd startCopy the code

After startup, the mirroring SSH connection test submits the container as an image

[root@docker01聽~]#聽docker聽commit聽brave_mcclintock聽聽centos6-ssh
Copy the code

Start the container with a new image

[root@docker01 ~]# docker run -d  -p 1122:22  centos6-ssh:latest  /usr/sbin/sshd -D 
5b8161fda2a9f2c39c196c67e2eb9274977e7723fe51c4f08a0190217ae93094
Copy the code

Install the HTTPD service in the container

[root@5b8161fda2a9聽/]#聽聽yum聽install聽httpd聽-y
Copy the code

Write startup script scripts

[root@5b8161fda2a9 /]# cat init.sh #! D/HTTPD start /usr/sbin/sshd -d [root@5b8161fda2a9 /]# chmod +x init.sh #Copy the code

Submit again as a new image

[root@docker01 ~]# docker commit  5b8161fda2a9 centos6-httpd 
sha256:705d67a786cac040800b8485cf046fd57b1828b805c515377fc3e9cea3a481c1
Copy the code

Start the mirroring and perform port mapping. And test access in the browser

[root@docker01 ~]# docker run -d -p 1222:22 -p 80:80  centos6-httpd /init.sh 
46fa6a06644e31701dc019fb3a8c3b6ef008d4c2c10d46662a97664f838d8c2c
Copy the code

Dockerfile automatically builds docker images

Official build dockerffile file reference

Github.com/CentOS/Cent…

Dockerfile instruction set

Dockerfile main components:

  • Basic image information FROM centos:6.8
  • RUN yum insatll openssh-server -y RUN yum insatll openssh-server -y RUN yum insatll openssh-server -y
  • CMD [“/bin/bash”]

Dockerfile:

  • Who is the mother of this mirror? (Specify base image)
  • MAINTAINER tells people who maintains it? (Specify the maintainer information, can not be)
  • RUN What do you want it to do?
  • ADD give it a point start-up capital (COPY file, will automatically decompress)
  • WORKDIR I am CD, today I put on makeup (set current working directory)
  • VOLUME gives it a place to store luggage (set volumes, mount host directories)
  • EXPOSE What doors it opens (specifies the port to EXPOSE)
  • CMD run, brother! (Specify what to do after the container is started)

Dockerfile other instructions:

  • COPY COPY files
  • ENV environment variable
  • ENTRYPOINT Command executed after the container is started

Create a Dockerfile

Create the first Dockerfile file

[root@docker01 base]# CD /opt/base # Dcokerfile [root@docker01 base]# vim Dockerfile FROM centos:6.8 RUN yum install openssh-server -y RUN echo "root:123456" |chpasswd RUN /etc/init.d/sshd start CMD ["/usr/sbin/sshd","-D"]Copy the code

Build the Docker image

[root@docker01 base]# docker image build -t centos6.8-ssh. Represents the current pathCopy the code

Start with a self-built image

[root@docker01 base]# docker run  -d -p 2022:22 centos6.8-ssh-b 
dc3027d3c15dac881e8e2aeff80724216f3ac725f142daa66484f7cb5d074e7a
Copy the code

Install Kodexplorer using Dcokerfile

Dockerfile File content

FROM centos:6.8 RUN yum install wget unzip PHP php-gd php-mbstring -y && yum clean all WORKDIR after operation are in the directory/var/WWW/HTML/wget RUN - c http://static.kodcloud.com/update/download/kodexplorer4.25.zip RUN unzip Zip && rm -f kodexplorer4.25.zip RUN chown -r apache.apache.cmd ["/usr/sbin/apachectl","-D","FOREGROUND"]Copy the code

For more information about dockerfiles, see the official method.

Image layering in Docker

Reference Documents:

www.maiziedu.com/wiki/cloud/…

Docker supports creating new images by extending existing ones. In fact, 99% of the images in Docker Hub are built by installing and configuring the required software in the base image.

As can be seen from the figure above, the new image is generated from the base image layer by layer. With each software installation, a layer is added to the existing image.

Why do Docker images layer

One of the biggest benefits of mirror layering is sharing resources.

For example, if multiple images are built from the same base image, Docker Host only needs to save one base image on disk. At the same time, only one base image is loaded in memory to serve all containers. And each layer of the mirror can be shared.

If multiple containers share the same base image, when one container changes the contents of the base image, such as the file in /etc, the other containers’ /etc will not be modified, and the changes will only be limited to a single container. This is the container copy-on-write feature.

Writable container layer

When the container starts, a new writable layer is loaded onto the top of the image. This layer is often referred to as the “container layer”, and everything below it is called the “mirror layer”.

All changes to the container – whether adding, deleting, or modifying files – occur only in the container layer. Only the container layer is writable; all mirror layers below the container layer are read-only.

Container layer details

There may be many mirror layers, all of which are combined to form a unified file system. If there is a file with the same path in different layers, for example, / A, the upper-layer/A overwrites the lower-layer/A, that is, users can access only the upper-layer/A files. In the container layer, the user sees a superimposed file system.

File operated

Copying a Copy of data only when it needs to be modified is called copy-on-write. As you can see, the container layer holds the changed parts of the image and does not make any changes to the image itself.

This explains the problem we raised earlier: the container layer records changes to the image, and all image layers are read-only and cannot be modified by the container, so images can be shared by multiple containers.

Run Zabbix-Server using Docker

Interconnections between containers

It is important to understand the interconnecting methods between containers before running Zabbix

Docker run -d -p 80:80 docker run -d -p 80:80 nginx Docker runit --link quirky_brown:web01 centos-ssh /bin/bash docker run --link quirky_brown:web01 centos-ssh /bin/bashCopy the code

Command Execution Process

# start apache container/root @ docker01 ~ # docker run - d HTTPD: 2.4 3 f1f7fc554720424327286bd2b04aeab1b084a3fb011a785b0deab6a34e56955 ^[[A[root@docker01 docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 3f1f7fc55472 HTTPD :2.4 "Httpd-foreground" 6 seconds ago Up 5 seconds 80/ TCP Determined_clarke # pull busybox image [root@docker01 ~]# docker pull [root@docker01 ~]# docker run -it --link Determined_clarke :web busybox:latest /bin/sh / # # / # ping web Ping web (172.17.0.2): 56 data bytes 64 bytes from 172.17.0.2: Seq =0 TTL =0 time=0 ms ^C -- web ping statistics -- 1 packets transmitted, 1 packets transmitted, 0% packet loss round-trip min/ AVG/Max = 0.058/0.058/0.058msCopy the code

Start the Zabbix container

1. Start a mysql container

docker run --name mysql-server -t \ -e MYSQL_DATABASE="zabbix" \ -e MYSQL_USER="zabbix" \ -e MYSQL_PASSWORD="zabbix_pwd" \ -e MYSQL_ROOT_PASSWORD="root_pwd" \ -d mysql:5.7 \ --character-set-server=utf8 --collation-server= UTf8_binCopy the code

2. Start the Java-Gateway container to monitor Java services

docker run --name zabbix-java-gateway -t \
      -d zabbix/zabbix-java-gateway:latest
Copy the code

Zabbix-mysql: connect mysql to Java-gateway

docker run --name zabbix-server-mysql -t \
      -e DB_SERVER_HOST="mysql-server" \
      -e MYSQL_DATABASE="zabbix" \
      -e MYSQL_USER="zabbix" \
      -e MYSQL_PASSWORD="zabbix_pwd" \
      -e MYSQL_ROOT_PASSWORD="root_pwd" \
      -e ZBX_JAVAGATEWAY="zabbix-java-gateway" \
      --link mysql-server:mysql \
      --link zabbix-java-gateway:zabbix-java-gateway \
      -p 10051:10051 \
      -d zabbix/zabbix-server-mysql:latest
Copy the code

4, Start zabbix web display, use link to connect zabbix-mysql to mysql.

docker run --name zabbix-web-nginx-mysql -t \
      -e DB_SERVER_HOST="mysql-server" \
      -e MYSQL_DATABASE="zabbix" \
      -e MYSQL_USER="zabbix" \
      -e MYSQL_PASSWORD="zabbix_pwd" \
      -e MYSQL_ROOT_PASSWORD="root_pwd" \
      --link mysql-server:mysql \
      --link zabbix-server-mysql:zabbix-server \
      -p 80:80 \
      -d zabbix/zabbix-web-nginx-mysql:latest
Copy the code

About the zabbix API

The Zabbix API can be found in the official documentation:

www.zabbix.com/documentati…

1. Method of obtaining token

[root@docker02 ~]# curl-s-x post-h 'Content-type :application/json' -d' {"jsonrpc": "2.0", "method": "user.login", "params": { "user": "Admin", "password": "zabbix" }, "id": {1} 'http://10.0.0.100/api_jsonrpc.php "jsonrpc" : "2.0", "result" : "d3be707f9e866ec5d0d1c242292cbebd", "id" : 1}Copy the code

Docker Repository (Registry)

Create a normal repository

1. Create a repository

docker聽run聽-d聽-p聽5000:5000聽--restart=always聽--name聽registry聽-v聽/opt/myregistry:/var/lib/registry聽聽registry聽
Copy the code

2. Modify the configuration file to support HTTP

[root@docker01 ~]# cat /etc/docker/daemon.json { "registry-mirrors": (" https://registry.docker-cn.com "), "insecure - registries:" [] "10.0.0.100:5000"}Copy the code

Restart docker for the changes to take effect

[root@docker01聽~]#聽systemctl聽restart聽聽docker.service
Copy the code

3. Modify the image label

/ root @ docker01 ~ # docker tag busybox: latest 10.0.0.100:5000 / CLSN/busybox: 1.0 / a root @ docker01 ~ # docker images REPOSITORY TAG IMAGE ID CREATED SIZE Centos6 - SSH latest 3C2b1e57A0F5 18 hours ago 393MB HTTPD 2.4 2e202f453940 6 days Line 179 MB 10.0.0.100:5000 / CLSN/busybox 1.0 5 b0d59026729 8 days line 1.15 MBCopy the code

4. Upload the newly labeled image to the warehouse

/ root @ docker01 ~ # docker push 10.0.0.100:5000 / CLSN/busyboxCopy the code

Warehouse with BASIC certification

1. Install encryption tools

[root@docker01 clsn]# yum install httpd-tools  -y
Copy the code

2. Set an authentication password

mkdir /opt/registry-var/auth/ -p
htpasswd  -Bbn clsn 123456  > /opt/registry-var/auth/htpasswd
Copy the code

3. Start the container, passing authentication parameters during startup

docker run -d -p 5000:5000 -v /opt/registry-var/auth/:/auth/ -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd registry
Copy the code

4. Use validation user tests

[root@docker01 ~]# docker login 10.0.0.100:5000 # 123456 Login Succeeded push mirrored to warehouse/root @ docker01 ~ # docker push 10.0.0.100:5000 / CLSN/busybox The push refers to The repository 10.0.0.100:5000 / CLSN/busybox 4 febd3792a1f: Pushed 1.0: digest: sha256:4cee1979ba0bf7db9fc5d28fb7b798ca69ae95a47c5fecf46327720df4ff352d size: [root@docker01 ~]# cat.docker /config.json {"auths": {"10.0.0.100:5000": {"auth": "Y2xzbjoxMjM0NTY=" }, "https://index.docker.io/v1/": { "auth": "Y2xzbjpIenNAMTk5Ng==" } }, "HttpHeaders": {" user-agent ": "docker-client / 17.12.0-CE (Linux)"}}Copy the code

At this point, a simple Docker image warehouse has been built

Docker-compose composing tool

Install the docker – compose

Install the docker – compose

# yum install -y python2-compose PIP install docker-composeCopy the code

Enable PIP download acceleration in China:

mirrors.aliyun.com/help/pypi

mkdir ~/.pip/
cat > ~/.pip/pip.conf <<'EOF'
[global]
index-url = https://mirrors.aliyun.com/pypi/simple/
[install]
trusted-host=mirrors.aliyun.com
EOF
Copy the code

Orchestrate boot image

1. Create a file directory

[root@docker01 ~]# mkdir /opt/my_wordpress/
[root@docker01 ~]# cd /opt/my_wordpress/
Copy the code

2, write the layout file

[root@docker01 my_wordpress]# vim docker-composing. Yml version: '3' services: db: image: mysql:5.7 volumes: - /data/db_data:/var/lib/mysql restart: always environment: MYSQL_ROOT_PASSWORD: somewordpress MYSQL_DATABASE: wordpress MYSQL_USER: wordpress MYSQL_PASSWORD: wordpress wordpress: depends_on: - db image: wordpress:latest volumes: - /data/web_data:/var/www/html ports: - "8000:80" restart: always environment: WORDPRESS_DB_HOST: db:3306 WORDPRESS_DB_USER: wordpress WORDPRESS_DB_PASSWORD: wordpressCopy the code

3, start,

[root@docker01 my_wordpress]# docker-compose up # docker-compose upCopy the code

4. Visit http://10.0.0.100:8000 in your browser

Install wordpress

Haproxy represents the back-end Docker container

1, modify the choreography script

[root@docker01 my_wordpress]# docker-composing. Yml version: '3' services: db: image: mysql:5.7 volumes: - /data/db_data:/var/lib/mysql restart: always environment: MYSQL_ROOT_PASSWORD: somewordpress MYSQL_DATABASE: wordpress MYSQL_USER: wordpress MYSQL_PASSWORD: wordpress wordpress: depends_on: - db image: wordpress:latest volumes: - /data/web_data:/var/www/html ports: - "80" restart: always environment: WORDPRESS_DB_HOST: db:3306 WORDPRESS_DB_USER: wordpress WORDPRESS_DB_PASSWORD: wordpressCopy the code

2. Start two wordpress sites at the same time

[root@docker01 my_wordpress]# docker-compose scale wordpress=2 
WARNING: The scale command is deprecated. Use the up command with the --scale flag instead.
Starting mywordpress_wordpress_1 ... done
Creating mywordpress_wordpress_2 ... done
Copy the code

3. Install HaProxy

[root@docker01聽~]#聽yum聽install聽haproxy聽-y
Copy the code

4, modify haproxy configuration file about the details of your configuration file, refer to: www.cnblogs.com/MacoLee/p/5…

root@docker01 ~]#cp /etc/haproxy.cfg {,.bak} [root@docker01 ~]# vim /etc/haproxy.cfg global log 127.0.0.1  local2 chroot /var/lib/haproxy pidfile /var/run/haproxy.pid maxconn 4000 user haproxy group haproxy daemon stats socket /var/lib/haproxy/stats level admin: defaults mode HTTP log global option Httplog option DontLognull option Http-server-close option forwardfor except 127.0.0.0/8 option redispatch retries 3 timeout HTTP-request 10s timeout queue 1m timeout connect 10s timeout client 1m timeout server 1m timeout http-keep-alive 10s timeout check 10s maxconn 3000 LISTEN STATS mode HTTP bind 0.0.0.0:8888 stats enable stats URI /haproxy-status stats auth admin:123456 frontend Frontend_www_example_com bind 10.0.0.100:8000 mode HTTP option Httplog log Global default_backend backend_www_example_com backend backend_www_example_com option forwardfor header X-REAL-IP option httpchk HEAD / HTTP/1.0 balance roundrobin server web-node1 10.0.0.100:32768 Check Inter 2000 rise 30 fall 15 server web-node2 10.0.0.100:32769 Check Inter 2000 Rise 30 Fall 15Copy the code

5. Start HaProxy

systemctl start haproxy
systemctl enable haproxy
Copy the code

6. Use a browser to access port 8000 that Hapeoxy listens to to see the load

7. Use a browser to access

http://10.0.0.100:8888/haproxy-status

You can see the monitoring status of the back-end node,

Socat is installed to operate sockets directly to control HAProxy

1. Install the software

yum聽install聽socat.x86_64聽-y
Copy the code

2. Check for help

[root@docker01聽web_data]#聽echo聽"help"|socat聽stdio聽/var/lib/haproxy/stats
Copy the code

3. Go offline to the backend node

echo聽"disable聽server聽backend_www_example_com/web-node2"|socat聽stdio聽/var/lib/haproxy/stats
Copy the code

4. Online backend node

echo聽"enable聽server聽backend_www_example_com/web-node3"|socat聽stdio聽/var/lib/haproxy/stats
Copy the code

5, write PHP test page, put it under /data/web_data, access in the browser to view the current node

[root@docker01 web_data]# vim check. PHP < HTML > <head> <title>PHP test </title> </head> <body> <? php echo '<p>Hello World </p>'; ? > <? PHP echo "access to the server address is:". "< fontcolor = red >". $_SERVER [' SERVER_ADDR]. "< / font >", "< br >"; Echo "access server domain name is:". "< fontcolor = red >". $_SERVER [' SERVER_NAME ']. "< / font >", "< br >"; ? > </body> </html>Copy the code

Restart docker service, container all exit solution

Automatic restart is specified at startup

docker聽run聽聽--restart=always
Copy the code

Modify the default docker configuration file

# add the following line "live-restore": trueCopy the code

Docker Server configuration file /etc/docker-daemon. json for reference

[root@docker02 ~]# cat /etc/docker/daemon.json { "registry-mirrors": ["https://registry.docker-cn.com"], "graph": /opt/mydocker" /opt/mydocker/ "/ var/lib/docker/ "insecure-registries" [10.0.0.100:5000 ""]," live - restore ": true}Copy the code

The restart takes effect only for containers started after the restart

[root@docker01聽~]#聽systemctl聽restart聽聽docker.service
Copy the code

Docker Network type

Docker network type

Bridge Default Docker network isolation is based on network namespace. When docker containers are created on the physical machine, network namespace will be allocated to each docker container, and the container IP Bridge will be connected to the virtual Bridge of the physical machine.

Do not configure network functions for containers

In this mode, no network parameters, such as container network adapters, IP addresses, and communication routes, are configured for containers.

[root@docker01 ~]# docker run -it --network none busybox:latest /bin/sh / # ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue link/ LOOPBACK 00:00:00:brD 00:00:00:00:00:inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft foreverCopy the code

Sharing network configuration with other containers (Containers)

This model and the host is very similar, but this pattern to create containers share other container’s IP and port rather than the physical machine, this pattern and port container itself is not configured network, to create a container in this mode, you will find that the IP is inside the specified by the IP and port container is Shared, and the other is isolated from each other, Processes, etc.

[root@docker01 ~]# docker run -it --network container:mywordpress_db_1 busybox:latest /bin/sh / # ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue link/ LOOPBACK 00:00:00:brD 00:00:00:00:00:inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever 105: eth0@if106: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue link/ether 02:42:ac:12:00:03 brd ff:ff:ff:ff:ff:ff inet 172.18.0.3/16 BRD 172.18.255.255 scope global eth0 valid_lft forever preferred_lft foreverCopy the code

Use the host network

The container created in this mode does not have its own Network Namespace, but shares a Network Namespace with the physical machine and all ports and IP addresses of the physical machine. In this mode, the container is considered insecure.

[root@docker01聽~]#聽docker聽run聽聽-it聽--network聽host聽聽busybox:latest聽聽/bin/sh
Copy the code

Viewing the Network List

[root@docker01 ~]# docker network list 
NETWORK ID          NAME                  DRIVER              SCOPE
b15e8a720d3b        bridge                bridge              local
345d65b4c2a0        host                  host                local
bc5e2a32bb55        mywordpress_default   bridge              local
ebf76eea91bb        none                  null                local
Copy the code

Configure a separate IP for the Docker container using PIPEWORK

  • Reference Documents:

    blog.csdn.net/design321/article/details/48264825

  • Official website:

    github.com/jpetazzo/pipework

  • Host environment: centos7.2

1. Install Pipework

wget https://github.com/jpetazzo/pipework/archive/master.zip
unzip master.zip 
cp pipework-master/pipework  /usr/local/bin/
chmod +x /usr/local/bin/pipework
Copy the code

2. Configure the bridge nic. Install the bridge tool

yum聽install聽bridge-utils.x86_64聽-y
Copy the code

Modify the nic configuration to bridge

# change eth0 configuration [root@docker01 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0 TYPE=Ethernet BOOTPROTO=static NAME=eth0 DEVICE=eth0 ONBOOT=yes BRIDGE=br0 [root@docker01 ~]# cat /etc/sysconfig/network-scripts/ifcfg-br0 TYPE=Bridge BOOTPROTO=static NAME=br0 DEVICE=br0 ONBOOT=yes IPADDR=10.0.0.100 NETMASK=255.255.255.0 GATEWAY=10.0.0.254 DNS1=223.5.5.5 [root@docker01 ~]# /etc/init.d/network restartCopy the code

3. Run a container image test:

Pipework br0 $(docker run -d it -p 6880:80 --name httpd_pw HTTPD) 10.0.0.220/[email protected]Copy the code

Test ports and connectivity on other hosts

[root@docker01 ~]# curl 10.0.0.220 < HTML ><body><h1>It works! </h1></body></ HTML > [root@docker01 ~]# ping 10.0.0.220 -c 1 Ping 10.0.0.220 (10.0.0.220) 56(84) bytes of data.64 bytes From 10.0.0.220: ICmp_seq =1 TTL =64 time= 0.03msCopy the code

4, Run another container and set network type to None:

Pipework br0 $(docker run -d it --net=none --name test HTTPD :2.4) 10.0.0.221/[email protected]Copy the code

Conduct access tests

[root@docker01 ~]# curl 10.0.0.221 < HTML ><body><h1>It works! </h1></body></html>Copy the code

5. After restarting the container, you need to specify again:

Pipework br0 testDuliIP 172.16.146.113/[email protected] Pipework br0 testduliip01 172.16.146.112/[email protected]Copy the code

Overlay of Dcoker cross-host communication can be referenced:

cnblogs.com/CloudMan6/p/7270551.html

Macvlan for Docker cross-host communication

Create a network

[root@docker01 ~]# docker network  create --driver macvlan  --subnet 10.1.0.0/24 --gateway 10.1.0.254 -o parent=eth0  macvlan_1
33a1f41dcc074f91b5bd45e7dfedabfb2b8ec82db16542f05213839a119b62ca
Copy the code

Set the nic to promiscuous mode

ip聽link聽set聽eth0聽promisc聽on
Copy the code

Create a network container using macVLAN

[root@docker02 ~]# docker run -it --network macVlan_1 -- IP =10.1.0.222 busybox /bCopy the code

Docker enterprise-class mirror warehouse harbor

Container management

[root@docker01聽harbor]#聽pwd/opt/harbor[root@docker01聽harbor]#聽docker-compose聽stop
Copy the code

Docker: docker-compose: docker-compose: docker-compose: docker-compose

CD/opt && https://storage.googleapis.com/harbor-releases/harbor-offline-installer-v1.3.0.tgz tar xf Harbor - offline installer - v1.3.0 TGZCopy the code

2. Change the password for logging in to the host and web UI

[root@docker01 harbor]# vim harbor.cfg 路路 hostname = 10.0.0.100 harbor_admin_password = Harbor12345 路路路Copy the code

3. Run the installation script

[root@docker01 harbor]# ./install.sh
Copy the code

Browser visit http://10.0.0.11

Add a project

4. The mirror is pushed to the specified project in the warehouse

/ root @ docker02 ~ # docker tag centos: 6.8 10.0.0.100 / CLSN/centos6.8:1.0 / root @ docker02 ~ # root @ docker02 ~ # docker Images REPOSITORY TAG IMAGE ID CREATED the SIZE busybox latest 5 b0d59026729 8 days line 1.15 MB 10.0.0.100 / CLSN centos6.8 1.0 6704d778b3ba 2 months ago 235MB centos 6704d778b3ba 2 months ago 235MB [root@docker02 ~]# docker login 10.0.0.100 Username: admin Password: Login SucceededCopy the code

5. Push an image

/ root @ docker02 ~ # docker push 10.0.0.100 / CLSN centos6.8 The push refers to The repository 10.0.0.100 / CLSN/centos6.8 E00c9229b481: Pushing 13.53 MB / 194.5 MBCopy the code

6. View information on the Web UI

Tips for using containers

1. Don’t distribute your application as a split 2. Don’t create large images 3. Do not run multiple processes in a single container 4. Do not store credentials in the image, do not rely on IP addresses 5. Run the process as a non-root user 6. Do not use the “Latest” tag 7. Do not create an image with a running container 8. Do not use single-layer mirrors

9. Do not store data in containers

Monitoring of Docker containers

Basic container information

  • The information includes the number, ID, name, mirror, start command, and port of the container

The running state of the container

  • Count the number of containers in each state, including running, paused, stopped, and abnormal exit

Container usage information

  • Collects statistics on resource usage of containers, such as CPU usage, memory usage, block device I/O usage, and network usage

reference

  • redhat.com/zh/topics/containers/whats-a-linux-container
  • redhat.com/zh/topics/containers/what-is-docker
  • blog.51cto.com/dihaifeng/1713512
  • cnblogs.com/Bourbon-tian/p/6867796.html
  • cnblogs.com/CloudMan6/p/6806193.html

Author: Miserable green boy

Link: cnblogs.com/clsn/p/8410309.html source: blog garden

To read more

Tencent another masterpiece! Open source own Tencent JDK

Don’t fool around, these languages are going to be obsolete!

It takes time for the server to execute MySQL

New skills MyBatis tens of millions of data tables, fast paging!

Hongmeng OS open source project OpenHarmony

How to complete a quick query

How come contra can achieve such a long story with only 128KB?

Finally, we will continue to use our official account “Terminal R&d Department” to recommend a high-quality technology-related article every day, mainly sharing Java related technology and interview skills. Our goal is to know what it is, why, lay a solid foundation, and do everything well! The main technology of the public super worth our attention.